Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Authentications Problems (Active directory NTLM) (AD + NTLM.)
  •  
deftoner

Messages: 24
Karma: -2
Send a private message to this user
Hi everybody, thanks for your time on reading this post.

I have the lastest kerio control (8.3.4 build 2461), joined to Active Directory domain.

Everything there is ok, I see the users. The automatic log on NTLM is working BUT:

- I had some computers on the network that aren't part of the domain, so I want it to login "by hand"
- The Login screen of kerio control is shown perfectly, first an apache like login appear, when I enter the user then redirected to servername.domain.com an Kerio login screen appear. The URL is:
https://servername.domain.com:4081/login/?orig=XXXXXXXXXXXXX XXXXXXX%3D&dest=XXXXXXXXXXXXXXXXXXXXX%3D%3D&host=XXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&NTLM=0
- I try any user an fail the login, BUT if I modify the url by hand to: https://servername.domain.com:4081/login/ its automaticly login (I guess using the credentials previously entered on the apache like windows) or by modifying the url and changing NTLM=0 to NTLM=1

So I guess that kerio try to autenticate local user and not using the list of users from domain.

So IF the problem is that kerio try to use local base, there is any method to use Domain users by default?

Any idea?

As second problem (but less important) I cant conect to admin console using active directory users (regardless if I put as admin or not on kerio), I got to create local users for administracion (not big deal for that)

Thanks again for the time on reading this.

Hope you have a nice day.

PD: Just in case, I have 6 building with kerio control + vpn and I'm upgrading from the old windows version to the stand alone (linux), and forcing users to be loged to navigate for security reasons, this is the first building that I Upgraded
  •  
trisse

Messages: 15
Karma: -1
Send a private message to this user
same here! i dont have a solution for that.. maybe a bug?
  •  
exportgoldman

Messages: 39
Karma: 1
Send a private message to this user

We have the same problem, and have been playing around with the settings for the last month. Running latest release of Kerio on a rack mount appliance box.

Cannot get the captive portal to be captive, so no redirects at all browsing if your not logged in.

We have it to the stage now where if we put NTLM=1 on the URL with the correct IE security settings it will auto logon.
  •  
abteen

Messages: 1
Karma: 0
Send a private message to this user
same problem here.it seems that daylight savings was the cause of the problem.
  •  
generator

Messages: 4
Karma: 0
Send a private message to this user
Same problem Back to 8.3.4 !!!

8.4.0 Not usable in ActiveDirectory NTLM
  •  
deftoner

Messages: 24
Karma: -2
Send a private message to this user
BTW, adding info to this issue. If the computer just surft to https website, will never login. No redirect or autologin when the traffic is https only.

  •  
miyzfrider

Messages: 14
Karma: 5
Send a private message to this user
Was this verified by Kerio someplace? I am having NTLM automatic authentication issues (not working) now after upgrading to 8.4 as well, and can only assume that it's due to the upgrade given it was working just fine on our network before I did the update. Did Kerio acknowledge this issue?

[Updated on: Sat, 25 October 2014 16:31]

  •  
deftoner

Messages: 24
Karma: -2
Send a private message to this user
Hey miyzfrider, thanks for the feedback.

I'm on 8.3.4 and upgrading to 8.4 to see if works for me.

There is nothing about ntlm auth on the changelog, nothing even close to the subject in fact.

I will try if this works for me and post it here about Monday.

Thanks again.
  •  
miyzfrider

Messages: 14
Karma: 5
Send a private message to this user
I downgraded back to 8.3.4 build 2461 and NTLM is working just fine again. I reached out to tech support and was basically told it was likely my configuration must be incorrect. Not sure how that conclusion can be reached when it worked fine before updating to 8.4, then after upgrading it stopped working, now it works fine again after downgrading to 8.3.4. There has to be something in the authentication function that has changed. Hopefully they will look further into it and find a solution. Till then, we'll stay on 8.3.4.

[Updated on: Sat, 25 October 2014 16:32]

  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
@miyzfrider I see from your message on 27 Oct to Technical Support that your NTLM now works after following the steps in the NTLM Knowledge Base article, I assume it is http://kb.kerio.com/735 .

M.

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
miyzfrider

Messages: 14
Karma: 5
Send a private message to this user
Yes, that is the correct KB article.
  •  
miyzfrider

Messages: 14
Karma: 5
Send a private message to this user
Just a comment to everyone reading this thread and also experiencing NTLM issues after upgrading...it appears that NTLM authentication may not have been working correctly, or at least as Kerio thought, in prior versions. We didn't have to set the browser settings mentioned in the KB article referenced above to have NTLM work, with the exception of Firefox. But we never went into IE settings like described in the article and NTLM authentication worked fine. Now, after the upgrade, even after making the setting adjustments in IE, NTLM does not work. It does work in Firefox however if you add the Kerio machine FQDM to the appropriate setting referenced in the KB article, at least on our network.

I will reach back out to Kerio tech support as this definitely seems to be something in the new version.

I'll post back if I hear anything.

[Updated on: Tue, 28 October 2014 13:56]

  •  
Hamidreza

Messages: 2
Karma: 0
Send a private message to this user
UP! i have same problem Sad in 8.4.0
  •  
SvdH

Messages: 2
Karma: 1
Send a private message to this user
Hi all,

Does any of you using the Active Directory for VPN and is that still working?
My problem is that Active Directory users can't log on by VPN.

This is happening since the last update.

Grtz

[Updated on: Thu, 30 October 2014 08:51]

miyzfrider

Messages: 14
Karma: 5
Send a private message to this user
Yes, we are having the VPN logging in issue as well with NTLM in 8.4. I again downgraded until this is fixed.
Previous Topic: Kerio interface not see more than " USB2 Ethernet adapter" under tab Internet Interfaces
Next Topic: Remote Access to Kerio Control Console
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Jan 16 11:58:12 CET 2017

Total time taken to generate the page: 0.01175 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.